/* eslint-disable camelcase */
import rsaPublicKeyPem from '../../../share/rsaPublicKeyPem'
import jwt from 'jsonwebtoken'

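/**
 * Verifies "Sign in with Apple" identity tokens against the public keys
 * published by Apple's key endpoint.
 */
export default class Auth {
  /**
   * @param {object} [options] - Overrides for the defaults below.
   * @param {string} [options.baseUrl] - Origin the key set is fetched from.
   * @param {number} [options.timeout] - Request timeout passed to the HTTP client.
   */
  constructor (options) {
    this.options = Object.assign({
      baseUrl: 'https://appleid.apple.com',
      timeout: 5000
    }, options)
  }

  /**
   * Sends a request to `baseUrl + url` through uniCloud's HTTP client.
   *
   * @param {string} url - Path appended to the configured base URL.
   * @param {object} options - Options forwarded unchanged to the HTTP client.
   * @returns {Promise<object>} The HTTP client's response.
   */
  async _fetch (url, options) {
    const { baseUrl } = this.options
    return uniCloud.httpclient.request(baseUrl + url, options)
  }

  /**
   * Verifies the signature of an identity token with the published key whose
   * `kid` matches the token header.
   *
   * NOTE(review): only the checks jsonwebtoken applies by default are made
   * here (signature and, when present, expiry). Nothing in this method checks
   * `iss`, `aud` or a nonce, so the caller has to compare `aud` with its own
   * app identifier and `iss` with the expected issuer before trusting the
   * claims.
   *
   * Sample of the claims returned on success:
   * {
   *   iss: 'https://appleid.apple.com', aud: 'io.dcloud.hellouniapp', exp: 1610626724,
   *   iat: 1610540324, sub: '000628.30119d332d9b45a3be4a297f9391fd5c.0403', c_hash: 'oFfgewoG36cJX00KUbj45A',
   *   email: 'x2awmap99s@privaterelay.appleid.com', email_verified: 'true', is_private_email: 'true',
   *   auth_time: 1610540324, nonce_supported: true
   * }
   *
   * @param {string} identityToken - Compact JWT received from the client.
   * @returns {Promise<{code: number, msg: (object|string)}>} `code: 0` with the
   *   verified claims in `msg`, or `code: 10705` with an error message.
   * @throws {Error} 'request fail' when the key set cannot be retrieved.
   */
  async verifyIdentityToken (identityToken) {
    // The public key is RSA, so only RSA signature algorithms are acceptable.
    const RSA_ALGORITHMS = ['RS256', 'RS384', 'RS512']

    // Read the (still unverified) header only to learn which key to use.
    // The token is attacker-controlled, so a malformed one must end in the
    // normal failure result rather than an uncaught exception.
    let kid
    try {
      const jwtHeader = identityToken.split('.')[0]
      kid = JSON.parse(Buffer.from(jwtHeader, 'base64').toString()).kid
    } catch (error) {
      return {
        code: 10705,
        msg: 'invalid identityToken: ' + error.message
      }
    }
    if (typeof kid !== 'string' || kid === '') {
      return {
        code: 10705,
        msg: 'invalid identityToken: missing kid'
      }
    }

    const { status, data } = await this._fetch('/auth/keys', {
      method: 'GET',
      dataType: 'json',
      timeout: this.options.timeout
    })

    if (status !== 200) throw new Error('request fail')
    const keys = data && data.keys
    if (!Array.isArray(keys)) throw new Error('request fail')

    // From the published set, pick the key whose identifier matches the
    // token's kid; that key verifies the JWT's signature.
    const usedKey = keys.find(item => item && item.kid === kid)
    if (!usedKey) {
      return {
        code: 10705,
        msg: 'no public key matches the token kid'
      }
    }
    if (!RSA_ALGORITHMS.includes(usedKey.alg)) {
      return {
        code: 10705,
        msg: 'unsupported key algorithm'
      }
    }

    let jwtClaims = null
    try {
      // `algorithms` is documented as a list. A bare string is matched with
      // String#indexOf, i.e. as a substring, which is looser than intended.
      jwtClaims = jwt.verify(
        identityToken,
        rsaPublicKeyPem(usedKey.n, usedKey.e),
        { algorithms: [usedKey.alg] }
      )
    } catch (error) {
      return {
        code: 10705,
        msg: error.message
      }
    }

    return {
      code: 0,
      msg: jwtClaims
    }
  }
}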
